Device and method for managing shared data, and computer-readable storage medium for computer program

ABSTRACT

A shared data managing device is provided which manages shared data by setting an access right on a first user account basis. The first user account has a first identifier and first user information on a first user receiving a first service. The device includes an obtaining portion for obtaining, from a service providing system for a second service, a second identifier of a second user account used for the second service and second user information on a second user; a pairing portion for making a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and a transmission portion for sending, to the service providing system, the shared data, the pair made, and the access right on a first user account basis.

This application is based on Japanese patent application No. 2013-115616 filed on May 31, 2013, the contents of which are hereby incorporated by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a device and method for managing data in accordance with an access right, and so on.

2. Description of the Related Art

Recent years have seen the widespread use of intranets in organizations such as public offices, business offices, and schools. Such an intranet is often provided with a server for managing data shared by a plurality of users. In general, among such servers, one that manages data on a file-by-file basis is called a “file server”, and one that manages data by using an application of a database is called a “database server” in many cases.

Recent years also have seen the widespread use of image forming apparatuses having various functions such as copying, faxing, scanning, and network printing. Such image forming apparatuses are sometimes called “multifunction devices”, “Multi-Functional Peripherals (MFPs)”, or the like. Such image forming apparatuses have recently been provided with a data server function.

A plurality of image forming apparatuses is often provided in one intranet. In such a case, data may be shared by the image forming apparatuses through a communication line, and data may be also shared through a removable storage medium such as a Universal Serial Bus (USB) memory (Japanese Laid-open Patent Publication No. 2012-119824).

When access to data is allowed without any limitation, something undesirable for security may occur. In view of this, a method has been well-known in which access to data is restricted by setting an access right on a data-by-data basis.

Such a work to set access rights is burdensome to a data administrator. To cope with this, the following method has been proposed. A PC extracts a face image from digital photo images, generates a registered person list for the respective face images, also generates a human relation meta DB. The PC calculates a share candidate point for a person in the registered person list on the basis of the temporal and distance closeness of the selected photo and the other photos, relation strength in the human relation meta DB and a past photo share history for the photo selected from a photo list by a user. The PC displays, as a share candidate, information related to a person of whom the share candidate point is equal to or higher than a first value. The PC displays the person of whom the share candidate point is equal to or higher than the second value by setting the check box at ON (Japanese Laid-open Patent Publication No. 2011-155385).

It is also possible to manage data in an integrated manner by using a directory service such as Active Directory by Microsoft Corporation (Japanese Laid-open Patent Publication No. 2011-114538).

Further, a cloud computing technology has recently attained widespread use. The technology enables data to be saved in an online storage which is a virtual storage over the Internet, and also enables a plurality of users to share such data.

Data saved to a server on an intranet also can be saved to an online storage over the Internet. By virtue of this arrangement, a user can use the data at an organization facility by gaining access to the server on the intranet, and use the data in a location outside the facility by gaining access to the online storage over the Internet.

In order that a user can use same data independently of whether he/she obtains access to the server on the intranet or to the online storage over the Internet, setting access rights is burdensome. This is because a user account necessary to log into the server on the intranet is different from a user account necessary to log into the online storage over the Internet.

This drawback is not solved by the method described in Japanese Laid-open Patent Publication No. 2011-114538. The method described in Japanese Laid-open Patent Publication No. 2011-155385 probably reduces a burden of making settings of an access right for data stored in the online storage over the Internet. It is however desired that access can be restricted more simply than the method described in the publication.

SUMMARY

The present invention has been achieved in light of such an issue, and an object thereof is to control, in two systems where different user accounts are used, access to a set of data based on a same access right more easily than is conventionally possible.

A shared data managing device according to an aspect of the present invention is a shared data managing device for managing shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service. The device includes an obtaining portion configured to obtain, from a service providing system providing a second service, a second identifier of a second user account used for the second service and second user information on a second user; a pairing portion configured to make a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and a transmission portion configured to send, to the service providing system, the shared data, the pair of the first identifier and the second identifier, and the access right on a first user account basis.

A shared data managing device according to another aspect of the present invention is a shared data managing device that receives shared data from another device and manages the shared data on a second user account basis, the second user account having a second identifier and second user information on a second user who is to receive a second service, the other device managing the shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service. The shared data managing device includes a transmission portion configured to send, to the other device, the second identifier and the second user information on a second user account basis; a receiving portion configured to receive the access right on a first user account basis, and a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information, the pair being made by the other device; and a control portion configured to control, when a request for access to the shared data with the second user account is made, access to the shared data in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier of the second user account.

These and other characteristics and objects of the present invention will become more apparent by the following descriptions of preferred embodiments with reference to drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing an example of the overall configuration of a network system.

FIG. 2 is a diagram showing an example of the hardware configuration of an image forming apparatus.

FIG. 3 is a diagram showing an example of account data.

FIG. 4 is a diagram showing an example of access right data.

FIG. 5 is a diagram showing an example of the hardware configuration of a cloud server.

FIG. 6 is a diagram showing an example of account data.

FIG. 7 is a diagram showing an example of the hardware configuration of a terminal.

FIG. 8 is a diagram showing an example of the functional configuration implemented in an image forming apparatus by an upload program.

FIG. 9 is a diagram showing an example of the functional configuration implemented in a cloud server by an upload program.

FIG. 10 is a diagram showing an example of the functional configuration implemented in a terminal by a remote panel application.

FIG. 11 is a sequence diagram showing an example of the processing flow of an image forming apparatus, a cloud server, and a terminal for uploading.

FIG. 12 is a sequence diagram showing an example of the processing flow of an image forming apparatus, a cloud server, and a terminal for uploading.

FIG. 13 is a diagram showing an example of a login screen.

FIG. 14 is a diagram showing an example of an authentication information input screen.

FIG. 15 is a diagram depicting an example of checking an MFP address book against an SNS address book.

FIG. 16 is a diagram showing an example of ID pair data.

FIG. 17 is a diagram showing an example of an upload data designation screen.

FIG. 18 is a diagram showing an example of the functional configuration implemented in an image forming apparatus by an identity verification program and the functional configuration implemented in a cloud server by a document providing program.

FIG. 19 is a diagram showing an example of the functional configuration implemented in an image forming apparatus by a print program and the functional configuration implemented in a cloud server by an update print program.

FIG. 20 is a sequence diagram showing an example of the processing flow of an image forming apparatus, a cloud server, and a terminal for viewing.

FIG. 21 is a sequence diagram showing an example of the processing flow of an image forming apparatus, a cloud server, and a terminal for viewing.

FIG. 22 is a diagram showing an example of the body of an e-mail message.

FIG. 23 is a diagram showing an example of a viewed page screen.

FIG. 24 is a sequence diagram showing an example of the processing flow of an image forming apparatus and a cloud server for updating.

FIG. 25 is a sequence diagram showing an example of the processing flow of an image forming apparatus, a cloud server, and a terminal for printing.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 is a diagram showing an example of the overall configuration of a network system 5. FIG. 2 is a diagram showing an example of the hardware configuration of an image forming apparatus 1. FIG. 3 is a diagram showing an example of account data 62. FIG. 4 is a diagram showing an example of access right data 63. FIG. 5 is a diagram showing an example of the hardware configuration of a cloud server 2. FIG. 6 is a diagram showing an example of account data 64. FIG. 7 is a diagram showing an example of the hardware configuration of a terminal 3.

As shown in FIG. 1, the network system 5 is configured of the image forming apparatus 1, the cloud server 2, the terminal 3, a communication line 4, and so on.

The image forming apparatus 1, the cloud server 2, and the terminal 3 are configured to perform communication with one another via the communication line 4. Examples of the communication line 4 are a Local Area Network (LAN), a telephone line, a mobile phone line, and the Internet.

The image forming apparatus 1 is an apparatus that is generally called a “Multi-Functional Peripheral (MFP)” or a “multifunction device”. The image forming apparatus 1 is an apparatus into which functions such as copying, faxing, scanning, network printing, and box function are consolidated.

The network printing function is a function to print an image onto paper based on image data received from the terminal 3. The network printing function is sometimes called “PC printing” or “network printing”.

The box function is a function in which a storage area called a “personal box” or “box” is allocated to each user. The box function enables each user to save data to his/her storage area and to manage the data therein. The box corresponds to a “folder” or “directory” in a personal computer. The following description provides an example in which a box saves therein data of a document representing a character, photo, picture, or chart. Such data is hereinafter referred to as “document data 61”.

The image forming apparatus 1 is installed in a facility such as a public office, a corporation, or a school, and is shared by a plurality of users. The following is a description of a case where the image forming apparatus 1 is used in a company. Employees of the company are users of the image forming apparatus 1.

Each of the users is given an account necessary to log into the image forming apparatus 1. The account is given a unique ID. The ID is hereinafter referred to as an “MFP ID”. Passwords for authentication are set on a user-by-user basis. The password is hereinafter referred to as an “MFP password”. Each of the users is also given an e-mail address to send/receive e-mail messages on business. Hereinafter, the e-mail address is referred to as a “business e-mail address”.

Referring to FIG. 2, the image forming apparatus 1 is configured of a system controller 10 a, a Random Access Memory (RAM) 10 b, a Read Only Memory (ROM) 10 c, a large-capacity storage 10 d, an operating key panel 10 e, a touch-sensitive panel display 10 f, a Network Interface Card (NIC) 10 g, a modem 10 h, a scanner unit 10 i, an input image processing circuit 10 j, an output image processing circuit 10 k, a printing unit 10 m, and so on.

The operating key panel 10 e includes a start key, a stop key, a reset key, and a numeric keypad. The operating key panel 10 e is used for a user to enter a command or information into the image forming apparatus 1.

The touch-sensitive panel display 10 f displays, for example, a screen for presenting messages or instructions to a user, a screen for allowing a user to input a processing command and processing conditions, and a screen showing the results of processing performed by the system controller 10 a. The touch-sensitive panel display 10 f detects a position touched by user's finger, and sends a signal indicating the result of detection to the system controller 10 a. The user is also allowed to enter a command or information into the image forming apparatus 1 by touching the touch-sensitive panel display 10 f.

The NIC 10 g performs communication with the cloud server 2 and the terminal 3 in accordance with a protocol such as Transmission Control Protocol/Internet Protocol (TCP/IP) through the communication line 4.

The modem 10 h performs communication with a fax terminal based on a protocol such as a G3.

The scanner unit 10 i optically reads an image from a sheet of paper in which a photograph, character, picture, or a chart is recorded, and generates image data thereof.

The input image processing circuit 10 j performs various types of image processing on image data obtained by the NIC 10 g, the modem 10 h, or the scanner unit 10 i based on predetermined conditions or conditions designated by a user.

The output image processing circuit 10 k performs various types of image processing on image data of a print target image based on predetermined conditions or conditions designated by a user.

The printing unit 10 m prints an image onto paper based on the image data that has been subjected to the image processing by the output image processing circuit 10 k.

The ROM 10 c or the large-capacity storage 10 d stores, therein, an application program for providing a user with services using the foregoing functions, an upload program 1PA, an identity verification program 1PB, a print program 1PC, and so on (see FIGS. 8, 18, and 19).

An example of the application program is, in particular, a program for box management.

The programs are loaded into the RAM 10 b as necessary, and are executed by the system controller 10 a. The large-capacity storage 10 d is, for example, a hard disk drive or a Solid State Drive (SSD). The system controller 10 a is, for example, a Central Processing Unit (CPU) or a Micro Processing Unit (MPU).

The large-capacity storage 10 d also stores therein account data 62 on a user-by-user basis. As shown in FIG. 3, the account data 62 indicates an MFP ID, an MFP password, and a business e-mail address for the corresponding user.

The large-capacity storage 10 d has boxes on a user-by-user basis. The large-capacity storage 10 d stores, therein, access right data 63 for each set of the document data 61 saved in a box.

Referring to FIG. 4, the access right data 63 shows access rights of the corresponding document data 61 in such a manner that an access right of each user is associated with an MFP ID. In the access right field, “R” means that viewing a document corresponding to the document data 61 is permitted, and rewriting the document is not permitted; “W” means that both viewing and rewriting the document are permitted; and “P” means that printing the document is permitted.

The access right data 63 is associated with an identifier of the corresponding document data 61.

The cloud server 2 of FIG. 1 is a server which provides cloud computing services. A common cloud server is often configured of many server machines and virtualized as one server machine. However, for simplicity of explanation, this embodiment takes an example in which the cloud server 2 is configured of one server machine. Further, in this embodiment, a case is described in which the cloud server 2 provides a Social Networking Service (SNS).

Referring to FIG. 5, the cloud server 2 is configured of a system controller 20 a, a RAM 20 b, a ROM 20 c, a large-capacity storage 20 d, an NIC 20 e, and so on.

The NIC 20 e performs communication with the image forming apparatus 1 and the terminal 3 in accordance with a protocol such as TCP/IP through the communication line 4.

The ROM 20 c or the large-capacity storage 20 d stores, therein, a program for SNS, an upload program 2PA, a document providing program 2PB, an update print program 2PC, and so on (see FIGS. 9, 18, and 19).

An example of the program for SNS is, in particular, a program for online storage. The program enables management of data saved to the online storage virtually provided in the large-capacity storage 20 d. The program also enables a user to gain access to data or edit data through a web browser of the terminal 3. The program also enables a user to share data with other users. Examples of such an online storage service are Google Drive provided by Google Inc., and Evernote provided by Evernote Corporation.

The programs are loaded into the RAM 20 b as necessary, and are executed by the system controller 20 a. The system controller 20 a is, for example, a CPU or an MPU.

Each of the users is given an account necessary to log into the SNS web site. The account is given a unique ID. The ID is hereinafter referred to as an “SNS ID”. Passwords for authentication are set on a user-by-user basis. The password is hereinafter referred to as an “SNS password”. Each of the users registers his/her e-mail address in advance in the SNS for transmission/reception of e-mail messages through the SNS. Hereinafter, the e-mail address used for this purpose is referred to as an “SNS e-mail address”. The SNS e-mail address may be the same as the business e-mail address, or, may be a private e-mail address.

The large-capacity storage 20 d stores therein account data 64 on a user-by-user basis. As shown in FIG. 6, the account data 64 indicates an SNS ID, an SNS password, and an SNS e-mail address for the corresponding user. The account data 64 also indicates SNS IDs of all the concerned parties of the user through the SNS, e.g., acquaintances of the corresponding user. Such an SNS ID is called a concerned person SNS ID.

The terminal 3 is a client for a user to receive services provided by the image forming apparatus 1 and the cloud server 2. The user can operate the image forming apparatus 1 by using the terminal 3 instead of using the touch-sensitive panel display 10 f. In short, the terminal 3 is used as a remote panel of the image forming apparatus 1.

Referring to FIG. 7, the terminal 3 is configured of a system controller 30 a, a RAM 30 b, a ROM 30 c, a flash memory 30 d, an operation button 30 e, a touch-sensitive panel display 30 f, a digital camera 30 g, a mobile phone communication circuit 30 h, a wireless Local Area Network (LAN) communication circuit 30 i, a charging circuit 30 j, a battery 30 k, and so on.

The operation button 30 e is, for example, a so-called home button. The touch-sensitive panel display 30 f displays a variety of screens discussed later. The touch-sensitive panel display 30 f is also used for the user to enter a command and information. The digital camera 30 g takes an image to generate image data thereof.

The mobile phone communication circuit 30 h performs communication through a mobile phone network such as a Wideband Code Division Multiple Access (W-CDMA), CDMA-2000, or a Long Term Evolution (LTE).

The wireless LAN communication circuit 30 i performs communication through a wireless communication network (so-called wireless LAN) complying with Institute of Electrical and Electronics Engineers (IEEE) 802.11.

The charging circuit 30 j is to charge a battery 30 k. The battery 30 k is a secondary battery to supply power to the portions of the terminal 3.

The ROM 30 c or the flash memory 30 d stores, therein, programs such as a remote panel application 3PA, a mailer 3PB, and a web browser 3PC (see FIGS. 10, 18, and 19).

The programs are loaded into the RAM 30 b as necessary, and are executed by the system controller 30 a.

The terminal 3 is, for example, a tablet computer or smartphone. The operating system of the terminal 3 is, for example, Android provided by Google Inc., iOS provided by Apple Inc., or Windows 8 (“Windows” is a registered trademark) provided by Microsoft Corporation. Hereinafter, the terminals 3 may be described separately as a “terminal 3A”, “terminal 3B”, “terminal 3C”, . . . , and so on.

The user operates the terminal 3 to upload the document data 61 saved in a box of the image forming apparatus 1 to the cloud server 2, so that the document data 61 can be shared with the concerned parties of the user. This is implemented by the programs of the individual devices. Hereinafter, the processing by the programs shall be described, the descriptions being broadly divided into the following parts: Processing for uploading the document data 61 to the cloud server 2; and Processing for gaining access to the uploaded document data 61.

[Processing for Uploading the Document Data 61 to the Cloud Server 2]

FIG. 8 is a diagram showing an example of the functional configuration implemented in the image forming apparatus 1 by the upload program 1PA. FIG. 9 is a diagram showing an example of the functional configuration implemented in the cloud server 2 by the upload program 2PA. FIG. 10 is a diagram showing an example of the functional configuration implemented in the terminal 3 by the remote panel application 3PA. FIGS. 11 and 12 are sequence diagrams showing an example of the processing flow of the image forming apparatus 1, the cloud server 2, and the terminal 3 for uploading. FIG. 13 is a diagram showing an example of a login screen 3SC1. FIG. 14 is a diagram showing an example of an authentication information input screen 3SC2. FIG. 15 is a diagram depicting an example of checking an MFP address book 601 against an SNS address book 602. FIG. 16 is a diagram showing an example of ID pair data 65. FIG. 17 is a diagram showing an example of an upload data designation screen 3SC3.

The processing for uploading the document data 61 to the cloud server 2 is performed mostly by the upload program 1PA, the upload program 2PA, and the remote panel application 3PA.

The upload program 1PA implements the functions of a first account information request portion 100, a user authentication portion 101, a second account information request portion 102, a first address book obtaining portion 103, a second address book obtaining portion 104, an address book matching portion 105, a correspondence registration portion 106, an upload permission/refusal informing portion 107, an upload processing portion 108, an upload informing portion 109, a correspondence storing portion 121, and so on, all of which are shown in FIG. 8.

The upload program 2PA implements the functions of a user authentication portion 201, an address book providing portion 202, a document data registration portion 203, a URL informing portion 204, an adjunct data storage portion 211, and so on, all of which are shown in FIG. 9.

The remote panel application 3PA implements the functions of a remote access request portion 301, a login screen display processing portion 302, a first account information informing portion 303, a cloud authentication screen display processing portion 304, a second account information informing portion 305, an upload screen display processing portion 306, an upload request portion 307, and so on, all of which are shown in FIG. 10.

These programs enable the user to use the terminal 3 as a remote panel of the image forming apparatus 1 to upload the document data 61 from the image forming apparatus 1 to the cloud server 2.

The description goes on to the processing by the individual portions shown in FIGS. 8-10 with reference to the sequence diagrams shown in FIGS. 11 and 12. The description takes an example where the user operates the terminal 3A to upload the document data 61.

The image forming apparatus 1 and the terminal 3A establish a session therebetween by a conventional method to be connected to each other (Steps #701 and #901 of FIG. 11).

Upon the connection, the terminal 3A starts up the remote panel application 3PA (Step #902).

In the terminal 3A, then, the remote access request portion 301 of FIG. 10 sends the remote access request data 6A to the image forming apparatus 1 to make a request for remote access and upload (Step #903).

In the image forming apparatus 1, when receiving the remote access request data 6A (Step #702), the first account information request portion 100 of FIG. 8 sends account information request data 6B to the terminal 3A to make a request for account information for the image forming apparatus 1 (Step #703).

In the terminal 3A, when receiving the account information request data 6B (Step #904), the login screen display processing portion 302 displays the login screen 3SC1, as that shown in FIG. 13, on the touch-sensitive panel display 30 f (Step #905). The user enters his/her MFP ID and MFP password on the login screen 3SC1.

When the MFP ID and MFP password are entered, the first account information informing portion 303 sends account data 6C indicating the MFP ID and MFP password to the image forming apparatus 1 (Step #906). In this way, account information necessary for the user of the terminal 3A to use the image forming apparatus 1 is conveyed to the image forming apparatus 1.

In the image forming apparatus 1, when receiving the account data 6C (Step #704), the user authentication portion 101 checks (Step #705) whether or not the user of the terminal 3A is an authorized user based on the account data 6C and the sets of account data 62 (see FIG. 3) stored in the large-capacity storage 10 d. To be specific, if the large-capacity storage 10 d stores therein account data 62 which indicates the same MFP ID and MFP password as those of the account data 6C, then the user authentication portion 101 determines that the user of the terminal 3A is an authorized user. Otherwise, the user authentication portion 101 determines that the user of the terminal 3A is not an authorized user.

If the user authentication portion 101 determines that the user of the terminal 3A is an authorized user, then login operation to the image forming apparatus 1 by the user of the terminal 3A is completed.

When the user of the terminal 3A is determined to be an authorized user, the second account information request portion 102 sends account information request data 6D to the terminal 3A to make a request for account information for the cloud server 2 (Step #706). When the user of the terminal 3A is not determined to be an authorized user, the processing after Step #705 is not performed.

In the terminal 3A, when receiving the account information request data 6D (Step #907), the cloud authentication screen display processing portion 304 displays the authentication information input screen 3SC2, as that shown in FIG. 14, on the touch-sensitive panel display 30 f (Step #908). The user enters his/her SNS ID and SNS password on the authentication information input screen 3SC2.

When the SNS ID and SNS password are entered, the second account information informing portion 305 sends account data 6E indicating the SNS ID and SNS password to the image forming apparatus 1 (Step #909). In this way, account information necessary for the user of the terminal 3A to use the cloud server 2 is conveyed to the image forming apparatus 1.

In the image forming apparatus 1, when receiving the account data 6E(Step #707), the first address book obtaining portion 103 obtains theMFP IDs and the business e-mail addresses from the account data 62 (seeFIG. 3) (Step #708). A set of the MFP IDs and the business e-mailaddresses thus obtained has a format of address book (see FIG. 15). Theset is hereinafter referred to as an “MFP address book 601”.

In parallel with the processing by the first address book obtainingportion 103 or before or after the same, the second address bookobtaining portion 104 performs processing for obtaining an address bookfrom the cloud server 2 in the following manner.

The second address book obtaining portion 104 sends address book requestdata 6F to the cloud server 2 to make a request for address book (Step#709).

In the cloud server 2, when the address book request data 6F is received(Step #801), the user authentication portion 201 checks the authenticityof the user of the terminal 3A in the SNS in the following manner. Thecloud server 2 sends account information request data 6G to the imageforming apparatus 1 to request, from the image forming apparatus 1,account information necessary for the user of the terminal 3A to use theSNS (Step #802).

In the image forming apparatus 1, when receiving the account informationrequest data 6G (Step #710), the second address book obtaining portion104 sends account data 6H to the cloud server 2 (Step #711). The accountdata 6H shows the SNS ID and SNS password indicated in the account dataGE obtained in Step #707. In this way, the cloud server 2 is given theaccount information necessary for the user of the terminal 3A to use theSNS.

In the cloud server 2, when receiving the account data 6H (Step #803), the user authentication portion 201 performs authentication on the user of the terminal 3A (Step #804 of FIG. 12). To be specific, if the large-capacity storage 20 d stores therein account data 64 (see FIG. 6) which indicates the same SNS ID and SNS password as those of the account data 6H, then the user authentication portion 201 determines that the user of the terminal 3A is an authorized user. Otherwise, the user authentication portion 201 determines that the user of the terminal 3A is not an authorized user.

If the user authentication portion 201 determines that the user of the terminal 3A is an authorized user, then the address book providing portion 202 determines SNS IDs and SNS e-mail addresses of the concerned parties of the user of the terminal 3A based on the account data 64. The address book providing portion 202 then sends address book data 6J indicating the determined SNS IDs and SNS e-mail addresses to the image forming apparatus 1 (Step #805).

A set of the SNS IDs and the SNS e-mail addresses thus determined has a format of address book (see FIG. 15). The set is hereinafter referred to as an “SNS address book 602”.

The second address book obtaining portion 104 then receives the address book data 6J (Step #712).

In this way, the SNS address book 602 is provided from the cloud server 2 to the image forming apparatus 1.

On the other hand, if the user authentication portion 201 does not determine that the user of the terminal 3A is an authorized user, then the SNS address book 602 is not provided. Therefore, the image forming apparatus 1 checks whether or not the user of the terminal 3A is successfully authenticated by checking whether or not the address book data 6J is obtained.

The address book matching portion 105 checks the MFP address book 601 against the SNS address book 602 to find out the MFP ID and the SNS ID corresponding to the same user (Step #713). To be specific, the address book matching portion 105 detects an e-mail address that is common to the MFP address book 601 and the SNS address book 602. The address book matching portion 105 then determines that the MFP ID and the SNS ID associated with the common e-mail address correspond to the same user.

In the example of FIG. 15, both the MFP address book 601 and the SNS address book 602 have an address of “wada@x-corp.example.co.jp” and an address of “suzuki@x-corp.example.co.jp”. Therefore, the address book matching portion 105 determines that an MFP ID of “M005” and an SNS ID of “S002” both of which are associated with “wada@x-corp.example.co.jp” correspond to the same user. Likewise, the address book matching portion 105 determines that an MFP ID of “M002” and an SNS ID of “S004” both of which are associated with “suzuki@x-corp.example.co.jp” correspond to the same user.

The correspondence registration portion 106 generates ID pair data 65 indicating the MFP ID and the SNS ID that are determined to correspond to the same user by the address book matching portion 105, and stores the ID pair data 65 into the correspondence storing portion 121 (Step #714). In this way, a pair of the MFP ID and the SNS ID is made, and the correspondence therebetween is registered into the correspondence storing portion 121. In the case of FIG. 15, two sets of the ID pair data 65 are stored into the correspondence storing portion 121 as shown in FIG. 16.
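The matching of Steps #713 and #714 can be sketched as follows. This is an added example, not code from the patent: the function names, the case-insensitive comparison, and the rule that an address tied to more than one account on either side is not paired automatically are assumptions, and only the two shared addresses and their IDs come from the FIG. 15 example.

```python
from collections import defaultdict

# Constructed sample data. The two shared addresses and their IDs follow the
# FIG. 15 example in the text; every other entry is invented for illustration.
MFP_ADDRESS_BOOK = [
    ("M002", "suzuki@x-corp.example.co.jp"),
    ("M005", "wada@x-corp.example.co.jp"),
    ("M007", "sato@x-corp.example.co.jp"),      # no SNS counterpart
    ("M008", "shared@x-corp.example.co.jp"),    # address listed by two MFP accounts
    ("M009", "shared@x-corp.example.co.jp"),
]
SNS_ADDRESS_BOOK = [
    ("S002", "Wada@X-Corp.example.co.jp"),      # same mailbox, different case
    ("S004", " suzuki@x-corp.example.co.jp "),  # stray whitespace
    ("S006", "shared@x-corp.example.co.jp"),
    ("S009", "tanaka@other.example.com"),       # no MFP counterpart
]


def normalize(address):
    """Canonical join key (assumption: addresses are compared case-insensitively)."""
    return address.strip().lower()


def index_by_address(book):
    """Map each normalized address to the set of account IDs that list it."""
    index = defaultdict(set)
    for account_id, address in book:
        index[normalize(address)].add(account_id)
    return index


def make_id_pairs(mfp_book, sns_book):
    """Return (pairs, ambiguous).

    pairs     -- list of (mfp_id, sns_id) where the common address identifies
                 exactly one account in each address book
    ambiguous -- common addresses tied to more than one account on either
                 side; pairing them would let one account inherit another
                 account's access right, so they are reported instead
    """
    mfp_index = index_by_address(mfp_book)
    sns_index = index_by_address(sns_book)
    pairs, ambiguous = [], []
    for address in sorted(mfp_index.keys() & sns_index.keys()):
        mfp_ids, sns_ids = mfp_index[address], sns_index[address]
        if len(mfp_ids) == 1 and len(sns_ids) == 1:
            pairs.append((next(iter(mfp_ids)), next(iter(sns_ids))))
        else:
            ambiguous.append(address)
    return pairs, ambiguous


if __name__ == "__main__":
    found, skipped = make_id_pairs(MFP_ADDRESS_BOOK, SNS_ADDRESS_BOOK)
    for mfp_id, sns_id in found:
        print(f"ID pair data: MFP ID {mfp_id} <-> SNS ID {sns_id}")
    for address in skipped:
        print(f"not paired (ambiguous address): {address}")
```

Because the pair later decides which access right an SNS account receives, the match is only as trustworthy as each system's verification that an account really owns the e-mail address it lists.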

In parallel with the processing by the address book matching portion 105 and the correspondence registration portion 106 or before or after the same, the upload permission/refusal informing portion 107 performs processing for informing the terminal 3A of a message as described below. If the second address book obtaining portion 104 obtains the address book data 6J from the cloud server 2, then the upload permission/refusal informing portion 107 sends upload permission data 6K1 to the terminal 3A to inform the terminal 3A that uploading to the cloud server 2 is possible. Otherwise, the upload permission/refusal informing portion 107 sends upload refusal data 6K2 to the terminal 3A to inform the terminal 3A that uploading to the cloud server 2 is impossible.

Note that the upload permission data 6K1 shows identifiers (data name, document name, etc.) of document data 61 that can be uploaded to the cloud server 2 among sets of document data 61 saved in the box. For example, the upload permission data 6K1 shows identifiers of the sets of document data 61 saved in the box of the user of the terminal 3A.

In the terminal 3A, when receiving the upload permission data 6K1 (Step #910), the upload screen display processing portion 306 displays the upload data designation screen 3SC3, as that shown in FIG. 17, on the touch-sensitive panel display 30 f (Step #911). The upload data designation screen 3SC3 shows identifiers of the sets of document data 61 indicated in the upload permission data 6K1. The user selects, on the upload data designation screen 3SC3, the document data 61 to be uploaded to the cloud server 2 and be shared with the parties concerned, for example, by touching the identifier of the document data 61.

When receiving the upload refusal data 6K2, the upload screen display processing portion 306 displays a message indicating that uploading to the cloud server 2 is impossible.

The upload request portion 307 sends upload request data 6M indicating the identifier of the document data 61 designated by the user to the image forming apparatus 1 to request the same to upload the document data 61 to the cloud server 2 (Step #912).

In the image forming apparatus 1, when receiving the upload request data 6M (Step #716), the upload processing portion 108 obtains, from the box, the document data 61 having the identifier indicated in the upload request data 6M, and sends, to the cloud server 2, the access right data 63 (see FIG. 4) for the document data 61 and the ID pair data 65 (see FIG. 16) generated in Step #714 (Step #717).

In the cloud server 2, when receiving the document data 61 and the access right data 63 from the image forming apparatus 1 (Step #806), the document data registration portion 203 saves the document data 61 to an online storage of the user of the terminal 3A (Step #807), and saves the access right data 63 and the ID pair data 65 to the adjunct data storage portion 211 (Step #808).

In the foregoing manner, the document data 61 saved in the image forming apparatus 1 is uploaded to the cloud server 2.

The URL informing portion 204 sends, to the image forming apparatus 1, saving location data 6N indicating a URL through which the uploaded document data 61 is accessed (Step #809). The URL has a domain name of the SNS web site, a directory name or sub-domain name of the online storage of the user of the terminal 3A, a file name of the document data 61, and so on.

In the image forming apparatus 1, when the saving location data 6N is received, the upload informing portion 109 generates an e-mail message 6P (see FIG. 22) (Step #719). The e-mail message 6P shows that the document data 61 has been uploaded to the online storage of the user of the terminal 3A, and presents the URL indicated in the saving location data 6N. The e-mail message 6P is then sent to each of the SNS e-mail addresses shown in the SNS address book 602 obtained in Step #712 (Step #720).

The e-mail message 6P is then delivered through a mail server or the like to the terminals 3 of the concerned parties of the user of the terminal 3A.

[Processing for Gaining Access to the Uploaded Document Data 61]

FIG. 18 is a diagram showing an example of the functional configuration implemented in the image forming apparatus 1 by the identity verification program 1PB and the functional configuration implemented in the cloud server 2 by the document providing program 2PB. FIG. 19 is a diagram showing an example of the functional configuration implemented in the image forming apparatus 1 by the print program 1PC and the functional configuration implemented in the cloud server 2 by the update print program 2PC. FIGS. 20 and 21 are sequence diagrams showing an example of the processing flow of the image forming apparatus 1, the cloud server 2, and the terminal 3 for viewing. FIG. 22 is a diagram showing an example of the body of the e-mail message 6P. FIG. 23 is a diagram showing an example of a viewed page screen 3SC6. FIG. 24 is a sequence diagram showing an example of the processing flow of the image forming apparatus 1 and the cloud server 2 for updating. FIG. 25 is a sequence diagram showing an example of the processing flow of the image forming apparatus 1, the cloud server 2, and the terminal 3 for printing.

The processing for gaining access to the uploaded document data 61 is performed mainly by the identity verification program 1PB, the print program 1PC, the document providing program 2PB, the update print program 2PC, the mailer 3PB, and the web browser 3PC.

The identity verification program 1PB implements the functions of a user authentication portion 151, a correspondence registration portion 152, and so on, all of which are shown in FIG. 18.

The print program 1PC implements the functions of a print permission/refusal determination portion 171, a print control portion 172, a print result informing portion 173, and so on, all of which are shown in FIG. 19.

The document providing program 2PB implements the functions of a user authentication portion 251, a corresponding MFP ID search portion 252, an account information request portion 253, an authentication request portion 254, a correspondence registration portion 255, a viewing permission/refusal determination portion 256, a document data providing portion 257, and so on, all of which are shown in FIG. 18.

The update print program 2PC implements the functions of an update permission/refusal determination portion 271, a document data updating portion 272, an update result informing portion 273, a print request portion 274, a print result transferring portion 275, and so on, all of which are shown in FIG. 19.

The description goes on to the processing by the individual portions shown in FIGS. 18 and 19 with reference to the sequence diagrams shown in FIGS. 20, 21, 24, and 25. The description takes an example where the user operates the terminal 3B to obtain access to the document data 61.

When receiving the e-mail message 6P through the mailer 3PB (Step #931 of FIG. 20), the terminal 3B displays the body of the e-mail message 6P shown in FIG. 22 on the touch-sensitive panel display 30 f (Step #932). The body contains a message showing that the document data 61 has been uploaded to the online storage of the user of the terminal 3A, a URL of the document data 61, and so on.

When the URL is touched, the terminal 3B starts the web browser 3PC, and makes a request for obtaining access to the document data 61 based on the URL (Step #933). The terminal 3B performs the processing described below with the web browser 3PC.

In the cloud server 2, when receiving the request from the terminal 3B (Step #831), the user authentication portion 251 sends account information request data 6Q to the terminal 3B to request SNS account information from the terminal 3B (Step #832).

When receiving the account information request data 6Q (Step #934), the terminal 3B displays a login screen that is similar to the authentication information input screen 3SC2 (see FIG. 14) on the touch-sensitive panel display 30 f (Step #935). The user enters his/her SNS ID and SNS password on the login screen.

When the SNS ID and SNS password are entered, the terminal 3B sends account data 6R indicating the SNS ID and SNS password to the cloud server 2 (Step #936).

In the cloud server 2, when receiving the account data 6R (Step #833), the user authentication portion 251 performs authentication on the user of the terminal 3B based on the account data 6R and the account data 64 (see FIG. 6) (Step #834). The authentication method is the same as that by the user authentication portion 201 (see FIG. 9).

When the user authentication portion 251 confirms that the user of the terminal 3B is an authorized user, the corresponding MFP ID search portion 252 searches for an MFP ID corresponding to the SNS ID of the user in the sets of ID pair data 65 (see FIG. 16) stored in the adjunct data storage portion 211 (Step #835).

If such an MFP ID is found out by the search (Yes in Step #836), then the viewing permission/refusal determination portion 256 and the document data providing portion 257 perform processing for providing the terminal 3B with document data 61 related to the request received in Step #831 (Steps #842 and #843 of FIG. 21). This will be described later.

On the other hand, if such an MFP ID is not found out by the search (No in Step #836), then the account information request portion 253, the authentication request portion 254, and the correspondence registration portion 255 perform the following processing.

The account information request portion 253 sends account information request data 6S to the terminal 3B to request account information for the image forming apparatus 1 from the terminal 3B (Step #837).

When receiving the account information request data 6S (Step #937), the terminal 3B displays an account information input screen that is similar to the login screen 3SC1 (see FIG. 13) on the touch-sensitive panel display 30 f (Step #938). The user enters his/her MFP ID and MFP password on the account information input screen.

The terminal 3B sends account data 6T indicating the entered MFP ID and MFP password to the cloud server 2 (Step #939 of FIG. 21).

In the cloud server 2, when receiving the account data 6T (Step #838), the authentication request portion 254 transfers the account data 6T to the image forming apparatus 1 to request the same to determine whether or not the user of the terminal 3B is an authorized user of the image forming apparatus 1 (Step #839). At this time, account data 6U indicating the SNS ID received in Step #833 is also sent to the image forming apparatus 1.

In the image forming apparatus 1, when receiving the account data 6T and the account data 6U (Step #731), the user authentication portion 151 determines whether or not the user of the terminal 3B is an authorized user of the image forming apparatus 1 based on the account data 6T and the sets of account data 62 (see FIG. 3) (Step #732).

The determination method is the same as that by the user authentication portion 101 (see FIG. 8). The image forming apparatus 1 sends authentication result data 6V indicating the result of authentication to the cloud server 2 (Step #733).

If it is determined that the user of the terminal 3B is an authorized user of the image forming apparatus 1, then the correspondence registration portion 152 generates ID pair data 65 indicating the MFP ID of the user and the SNS ID indicated in the account data 6U received in Step #731, and stores the ID pair data 65 into the correspondence storing portion 121 (Step #734). Thereby, a new set of the ID pair data 65 is added to the correspondence storing portion 121. The ID pair data 65 is sent to the cloud server 2 along with the authentication result data 6V.

In the cloud server 2, when receiving the authentication result data 6V (Step #840), the correspondence registration portion 255 stores the ID pair data 65 received along with the authentication result data 6V into the adjunct data storage portion 211 (Step #841), provided that the authentication result data 6V indicates that the user is successfully authenticated. Thereby, a new set of the ID pair data 65 is added to the adjunct data storage portion 211.

If the authentication result data 6V indicates that the authentication fails, then the processing for providing the terminal 3B with the document data 61 is cancelled.

If the authentication result data 6V indicates that the user is successfully authenticated, or, alternatively, if an MFP ID corresponding to the SNS ID of the user of the terminal 3B is found out in Step #835, then the viewing permission/refusal determination portion 256 determines whether or not the document data 61 requested from the terminal 3B may be given thereto (Step #842).

The viewing permission/refusal determination portion 256 obtains the access right data 63 (see FIG. 4) of the document data 61. If the MFP ID indicated in the account data 6T received in Step #838 or the MFP ID found out in Step #835 is associated with “R” or “W” in the access right data 63, then the viewing permission/refusal determination portion 256 determines that the document data 61 may be given to the request source. Otherwise, the viewing permission/refusal determination portion 256 determines that the document data 61 cannot be given to the terminal 3B.

If the viewing permission/refusal determination portion 256 determines that the document data 61 requested from the terminal 3B may be given, then the document data providing portion 257 sends the document data 61 to the terminal 3B (Step #843).

When receiving the document data 61 (Step #940), the terminal 3B displays the viewed page screen 3SC6 containing the document as that shown in FIG. 23 on the touch-sensitive panel display 30 f (Step #941).

It is possible that the document data providing portion 257 sends, to the terminal 3B, data only on a part of the document that can be displayed concurrently in the web browser 3PC instead of sending the entirety of the document data 61 at one time. In such a case, data on the other part of the document may be sent appropriately in accordance with scroll operation or page shift operation. Alternatively, the document data 61 may be converted to data compatible with a web application and sent.

On the other hand, if the viewing permission/refusal determination portion 256 determines that the document data 61 cannot be given to the terminal 3B in Step #842, then the document data providing portion 257 sends, instead of the document data 61, a message indicating that the user of the terminal 3B has no access right to the document data 61 to the terminal 3B. The terminal 3B displays the message instead of the document corresponding to the document data 61.

The user is allowed to update or print the displayed document in accordance with the access right given to him/her.

When the user edits the document and enters a command to save the same, the terminal 3B sends edit details data 6W indicating the edit details and the identifier of the document data 61 to the cloud server 2 to request the same to update the document data 61 (Step #951 of FIG. 24).

In the cloud server 2, when receiving the edit details data 6W (Step #851), the update permission/refusal determination portion 271 determines whether or not the document data 61 can be updated in the following manner (Step #852).

The update permission/refusal determination portion 271 reads out the access right data 63 (see FIG. 4) of the document data 61. If the access right data 63 shows that the MFP ID of the user of the terminal 3B is associated with “W”, then the update permission/refusal determination portion 271 determines that the document data 61 may be updated. Otherwise, the update permission/refusal determination portion 271 determines that the document data 61 cannot be updated.

If the update permission/refusal determination portion 271 determines that the document data 61 may be updated (Yes in Step #853), then the document data updating portion 272 updates the document data 61 based on the edit details data 6W (Step #854).

When the document data 61 is completely updated, the update result informing portion 273 transmits update completion notification data 6X1 to the terminal 3B. When the user is not given an access right for update, the update result informing portion 273 transmits update refusal notification data 6X2 to the terminal 3B (Step #855).

When receiving the update completion notification data 6X1, the terminal 3B displays a message showing that update has been completed on the touch-sensitive panel display 30 f (Step #952 and Step #953). When receiving the update refusal notification data 6X2, the terminal 3B displays a message showing that the user is not authorized to update (has no access right for update) on the touch-sensitive panel display 30 f (Step #952 and Step #953).

When the user enters a command to print out a document, the terminal 3B sends print request data 6Y indicating the identifier of the document data 61 corresponding to the document to the cloud server 2 to request the same to print out the document (Step #961 of FIG. 25).

In the cloud server 2, when receiving the print request data 6Y (Step #861), the print request portion 274 obtains, from the online storage, the document data 61 corresponding to the identifier indicated in the print request data 6Y, and transfers the document data 61 to the image forming apparatus 1 to request the same to print out the document (Step #862). At this time, the cloud server 2 informs the image forming apparatus 1 of the identifier of the document data 61 and the MFP ID of the user of the terminal 3B. The MFP ID is one that has been found out by the search in Step #835 of FIG. 20 or one that has been determined to be the MFP ID of the user of the terminal 3B in Step #732 of FIG. 21.

In the image forming apparatus 1, when receiving the document data 61 (Step #761), the print permission/refusal determination portion 171 determines whether or not the document can be printed out (Step #762).

The print permission/refusal determination portion 171 obtains the access right data 63 of the document data 61 from the large-capacity storage 10 d based on the identifier conveyed by the cloud server 2. If the access right data 63 shows that the MFP ID of the user of the terminal 3B is associated with “P”, then the print permission/refusal determination portion 171 determines that the document can be printed out. Otherwise, the print permission/refusal determination portion 171 determines that the document cannot be printed out.

If the print permission/refusal determination portion 171 determines that the document can be printed out (Yes in Step #763), then the print control portion 172 controls the output image processing circuit 10 k and the printing unit 10 m in such a manner that the document is printed onto paper based on the received document data 61 (Step #764). In this way, the document is printed out onto paper.

When the printing is completely finished, the print result informing portion 173 sends print completion notification data 6Z1 to the cloud server 2. When the user is not given an access right for printing, the print result informing portion 173 sends print refusal notification data 6Z2 to the terminal 3B (Step #765).

In the cloud server 2, the print result transferring portion 275 transfers the print completion notification data 6Z1 or the print refusal notification data 6Z2 to the terminal 3B (Steps #863 and #864).

When receiving the print completion notification data 6Z1, the terminal 3B displays a message indicating that printing has been completed on the touch-sensitive panel display 30 f (Steps #962 and #963). When receiving the print refusal notification data 6Z2, the terminal 3B displays a message indicating that the user is not authorized to perform printing (has no access right for printing) on the touch-sensitive panel display 30 f (Steps #962 and #963).

The document data 61 sent from the cloud server 2 to the image forming apparatus 1 is originally document data uploaded from the image forming apparatus 1. Therefore, instead of sending the document data 61 from the cloud server 2 in Step #862, it is possible that the image forming apparatus 1 obtains the same document data 61 from the box and performs printing based on the obtained document data 61.

The print request portion 274 informs the image forming apparatus 1 of the MFP ID of the user of the terminal 3B. Instead of this, the print request portion 274 may inform the image forming apparatus 1 of the SNS ID thereof. In such a case, the print permission/refusal determination portion 171 preferably identifies an MFP ID corresponding to the SNS ID based on the ID pair data 65, and determines whether or not printing is possible.

It is the cloud server 2 that determines whether or not browse or update is possible. Instead of this, however, the image forming apparatus 1 may make the determination as with the case of determination as to whether or not printing is possible. It is the image forming apparatus 1 that determines whether or not printing is possible. Instead of this, however, the cloud server 2 may make the determination as with the case of determination as to whether or not browse or update is possible.
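The viewing, update and print determinations described above all reduce to one lookup: SNS ID to paired MFP ID, then MFP ID to access right. The following is an added sketch of that decision, not code from the patent; the function names, the document name, the rights table, the MFP ID “M010”, the SNS ID “S010” and the rule against overwriting an existing pair are assumptions, while the two ID pairs and the meaning of “R”, “W” and “P” follow the text.

```python
# Constructed sample data. The two ID pairs follow the FIG. 15/16 example in
# the text; the document name and the rights table are invented.
ID_PAIRS = {"S002": "M005", "S004": "M002"}      # SNS ID -> MFP ID
ACCESS_RIGHTS = {                                # access right per MFP ID
    "minutes.pdf": {
        "M005": {"R", "W", "P"},
        "M002": {"R"},
        "M010": {"R", "P"},
    },
}

# Rights that permit each operation, as stated in the text: viewing needs
# "R" or "W", updating needs "W", printing needs "P".
REQUIRED = {"view": {"R", "W"}, "update": {"W"}, "print": {"P"}}


def decide(sns_id, document, operation, id_pairs=ID_PAIRS, rights=ACCESS_RIGHTS):
    """Return (allowed, reason) for a user already authenticated to the SNS."""
    if operation not in REQUIRED:
        return False, "unknown operation"
    mfp_id = id_pairs.get(sns_id)
    if mfp_id is None:
        # "No" in Step #836: the MFP login fallback has to run first.
        return False, "no paired MFP ID"
    # An unknown document or an unlisted MFP ID yields an empty set: deny.
    granted = rights.get(document, {}).get(mfp_id, set())
    if granted & REQUIRED[operation]:
        return True, f"allowed as {mfp_id}"
    return False, f"{mfp_id} lacks a right for {operation}"


def register_pair(id_pairs, sns_id, mfp_id, authenticated):
    """Fallback of Steps #837 to #841: store a new pair only when the image
    forming apparatus reported a successful MFP login.

    Refusing to replace an existing pair is an assumption of this sketch; it
    keeps a later login from silently remapping an SNS account.
    """
    if not authenticated or sns_id in id_pairs:
        return False
    id_pairs[sns_id] = mfp_id
    return True


if __name__ == "__main__":
    pairs = dict(ID_PAIRS)
    requests = [("S002", "update"), ("S004", "view"),
                ("S004", "print"), ("S010", "view")]
    for sns_id, operation in requests:
        print(sns_id, operation, decide(sns_id, "minutes.pdf", operation, pairs))
    # "S010" has no pair yet; after a successful MFP login as "M010" it does.
    register_pair(pairs, "S010", "M010", authenticated=True)
    print("S010", "print", decide("S010", "minutes.pdf", "print", pairs))
```

Whichever device evaluates the request, the default is refusal: a missing pair, an unknown document, or an MFP ID with no entry in the access right data all end in a denial.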

According to this embodiment, it is possible to control, in the image forming apparatus 1 and the cloud server 2, access to the document data 61 based on a same access right more easily than is conventionally possible.

In essence, in two systems or devices where different user accounts are used, it is possible to control access to a same set of data based on a same access right more easily than is conventionally possible.

In this embodiment, an ID and a password are used as the user account information. Instead of this, biometric information such as fingerprints or face images may be used as the user account information.

In this embodiment, an e-mail address is used as the information on user. Instead of this, other types of information such as address or telephone number may be used as the information on user. Alternatively, a plurality of pieces of information may be combined for use in the information on user. For example, the date of birth, gender, and contact information (e-mail, address, or telephone number) may be combined together.

In this embodiment, the case is described in which each user is given one account. The present invention is also applicable to the case where each group of a plurality of users is given one account. In such a case, the devices preferably perform the foregoing processing with one group deemed as one user.

In this embodiment, the cloud server 2 provides, as the SNS address book 602, an address book containing SNS IDs and SNS e-mail addresses of all the concerned parties of the logged-in user to the image forming apparatus 1. Instead of this, it is possible to provide the image forming apparatus 1 with an address book containing SNS IDs and SNS e-mail addresses of persons designated by the user.

In this embodiment, the image forming apparatus 1 and the terminal 3 perform communication with each other via the communication line 4. Instead of this, the communication may be performed wirelessly via Bluetooth (registered trademark), a wireless USB, a ZigBee, or the like.

In this embodiment, the terminal 3 is a tablet computer or a smartphone. Instead of this, a personal computer or a mobile phone terminal may be used as the terminal 3.

In this embodiment, user authentication is performed. Instead of this, authentication on the terminal 3 (so-called hardware authentication) may be performed. In such a case, the authentication is preferably performed by checking whether or not the identity information of the terminal 3, e.g., an IP address or Media Access Control (MAC) address thereof, is registered in advance in the image forming apparatus 1 or the cloud server 2.

In this embodiment, the image forming apparatus 1 makes a pair of an MFP ID and an SNS ID. Instead of this, the cloud server 2 may make a pair thereof. In such a case, the cloud server 2 obtains the MFP address book 601 from the image forming apparatus 1, and makes a pair of an MFP ID and an SNS ID. The image forming apparatus 1 may obtain the result of pairing from the cloud server 2.

When the document data 61 saved in the online storage of the cloud server 2 is updated, the image forming apparatus 1 may update the original document data 61 similarly. In short, synchronization may be achieved between the original document data 61 and the document data 61 saved in the online storage.

The upload program 1PA, the identity verification program 1PB, and the print program 1PC may be configured as one program. Likewise, the upload program 2PA, the document providing program 2PB, and the update print program 2PC may be configured as one program. The remote panel application 3PA, the mailer 3PB, and the web browser 3PC may be configured as one program.

In this embodiment, the case is described in which a duplicate set of the document data 61 is saved to the online storage for SNS. The present invention is also applicable to the case of saving data to an online storage not for SNS.

In this embodiment, the case is described in which the document data 61 is shared by users. The present invention is also applicable to the case where music data or moving image data is shared by users.

The present invention is also applicable to the case where the document data 61 saved in the online storage for the cloud server 2 is uploaded to the box of the image forming apparatus 1. In such a case, the image forming apparatus 1 and the cloud server 2 preferably switch the roles thereof for the foregoing processing. In such a case, an access right that has been set for SNS may be used in the image forming apparatus 1.

It is to be understood that the configurations of the network system 5, the image forming apparatus 1, the cloud server 2, and the terminal 3, the constituent elements thereof, the content and order of the processing, the configuration of data, the configuration of the screens, and the like can be appropriately modified without departing from the spirit of the present invention.

While example embodiments of the present invention have been shown and described, it will be understood that the present invention is not limited thereto, and that various changes and modifications may be made by those skilled in the art without departing from the scope of the invention as set forth in the appended claims and their equivalents.

What is claimed is:
 1. A shared data managing device for managing shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service, the device comprising: an obtaining portion configured to obtain, from a service providing system providing a second service, a second identifier of a second user account used for the second service and second user information on a second user; a pairing portion configured to make a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and a transmission portion configured to send, to the service providing system, the shared data, the pair of the first identifier and the second identifier, and the access right on a first user account basis.
 2. The shared data managing device according to claim 1, comprising a printer configured to, when the service providing system informs the shared data managing device of a print command together with the first identifier or the second identifier, print an image based on the shared data in accordance with the access right corresponding to the first user account having the first identifier, or, alternatively, in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier.
 3. A shared data managing device that receives shared data from another device and manages the shared data on a second user account basis, the second user account having a second identifier and second user information on a second user who is to receive a second service, said another device managing the shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service, the shared data managing device comprising: a transmission portion configured to send, to said another device, the second identifier and the second user information on a second user account basis; a receiving portion configured to receive the access right on a first user account basis, and a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information, the pair being made by said another device; and a control portion configured to control, when a request for access to the shared data with the second user account is made, access to the shared data in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier of the second user account.
 4. The shared data managing device according to claim 3, wherein the second service is an online storage service.
 5. A shared data managing method for managing access to shared data on a second user account basis, the second user account having a second identifier and second user information on a second user who is to receive a second service, the shared data being managed by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service, the method comprising: making a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and controlling, when a request for access to the shared data with the second user account is made, access to the shared data in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier of the second user account.
 6. The shared data managing method according to claim 5, comprising receiving authentication information having the first identifier from the second user who has logged in with the second user account, and confirming authenticity of the second user who has logged in based on the authentication information; wherein when the authenticity of the second user who has logged in is confirmed, the first identifier received from the second user is paired with the second identifier of the second user account of the second user.
 7. The shared data managing method according to claim 5, wherein the second user account is a user account of a concerned party of an owner of the shared data, or, a user account of a party designated by the owner.
 8. The shared data managing method according to claim 5, wherein the first user information is contact information for the first user, and the second user information is contact information for the second user.
 9. A non-transitory computer-readable storage medium storing thereon a computer program used in a computer, the computer managing shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service, the computer program causing the computer to perform processing comprising: processing for obtaining, from a service providing system providing a second service, a second identifier of a second user account used for the second service and second user information on a second user; processing for making a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information; and processing for sending, to the service providing system, the shared data, the pair of the first identifier and the second identifier, and the access right on a first user account basis.
 10. The non-transitory computer-readable storage medium according to claim 9, wherein, when the service providing system informs the shared data managing device of a print command together with the first identifier or the second identifier, the computer is caused to perform processing for printing an image based on the shared data in accordance with the access right corresponding to the first user account having the first identifier, or, alternatively, in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier.
 11. A non-transitory computer-readable storage medium storing thereon a computer program used in a computer, the computer receiving shared data from another device and managing the shared data on a second user account basis, the second user account having a second identifier and second user information on a second user who is to receive a second service, said another device managing the shared data by setting an access right on a first user account basis, the first user account having a first identifier and first user information on a first user who is to receive a first service, the computer program causing the computer to perform processing comprising: processing for sending, to said another device, the second identifier and the second user information on a second user account basis; processing for receiving the access right on a first user account basis, and a pair of the first identifier and the second identifier of the first user account and the second user account that are common in the first user information and the second user information, the pair being made by said another device; and processing for controlling, when a request for access to the shared data with the second user account is made, access to the shared data in accordance with the access right corresponding to the first user account having the first identifier paired with the second identifier of the second user account.
 12. The non-transitory computer-readable storage medium according to claim 11, wherein the second service is an online storage service.
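
The method of claims 5, 6 and 8, sketched as an added example that is not code from the patent or from any product: identifiers are paired on common contact information, a pairing can instead be made after the first service confirms the user's authentication information, and every access decision for a second account uses the rights of its paired first account. `Account`, `make_pairs`, `pair_after_login`, `is_allowed`, the `verify` callback and the sample data are hypothetical; leaving ambiguous contact matches unpaired and denying unpaired accounts are choices of this example that the claims do not specify.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    identifier: str
    contact: str  # "user information"; claim 8 makes this contact information

def _norm(contact):
    return contact.strip().lower()

def _unique_by_contact(accounts):
    # contact -> identifier, dropping contacts held by more than one account
    seen, dupes = {}, set()
    for acc in accounts:
        key = _norm(acc.contact)
        if key in seen:
            dupes.add(key)
        seen[key] = acc.identifier
    return {k: v for k, v in seen.items() if k not in dupes}

def make_pairs(first_accounts, second_accounts):
    """Claim 5, pairing step: {second_identifier: first_identifier} for
    accounts whose user information is common. Ambiguous contacts stay unpaired."""
    first = _unique_by_contact(first_accounts)
    second = _unique_by_contact(second_accounts)
    return {second[c]: first[c] for c in second if c in first}

def pair_after_login(pairs, second_id, first_id, secret, verify):
    """Claim 6: pair only once authentication information carrying the first
    identifier is confirmed. `verify` is a hypothetical callback into the
    first service's own authentication."""
    if not verify(first_id, secret):
        return False
    pairs[second_id] = first_id
    return True

def is_allowed(pairs, access_rights, second_id, data_id, operation):
    """Claim 5, control step: decide with the rights of the paired first
    account. Unpaired accounts and unknown data are denied."""
    first_id = pairs.get(second_id)
    rights = access_rights.get(data_id, {}).get(first_id, set())
    return first_id is not None and operation in rights

# Constructed sample data (not from the patent)
FIRST = [Account("U001", "sato@example.com"), Account("U002", "ito@example.com"),
         Account("U003", "shared@example.com"), Account("U004", "shared@example.com")]
SECOND = [Account("c-sato", "Sato@Example.com "), Account("c-x", "shared@example.com"),
          Account("c-guest", "guest@example.net")]
RIGHTS = {"report.pdf": {"U001": {"read", "print"}, "U002": {"read"}}}
```

Contact-only pairing trusts whatever user information the second service reports, so the `pair_after_login` path is the one to prefer where that information is self-asserted.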